CVE-2008-2476

{"id": "CVE-2008-2476", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-10-03T15:07:10.727", "references": [{"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-013.txt.asc", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/32112", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/32116", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/32117", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/32133", "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/32406", "source": "cret@cert.org"}, {"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:10.nd6.asc", "tags": ["Vendor Advisory"], "source": "cret@cert.org"}, {"url": "http://securitytracker.com/id?1020968", "source": "cret@cert.org"}, {"url": "http://support.apple.com/kb/HT3467", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/472363", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/MAPG-7H2RY7", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/MAPG-7H2S68", "tags": ["US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.openbsd.org/errata42.html#015_ndp", "source": "cret@cert.org"}, {"url": "http://www.openbsd.org/errata43.html#006_ndp", "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/31529", "source": "cret@cert.org"}, {"url": "http://www.securitytracker.com/id?1021109", "source": "cret@cert.org"}, {"url": "http://www.securitytracker.com/id?1021132", "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2750", "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2751", "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2752", "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2009/0633", "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45601", "source": "cret@cert.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5670", "source": "cret@cert.org"}, {"url": "https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2008-09-036&viewMode=view", "source": "cret@cert.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB)."}, {"lang": "es", "value": "La implementaci\u00f3n IPv6 Neighbor Discovery Protocol (NDP) en (1) FreeBSD v6.3 hasta v7.1, (2) OpenBSD v4.2 y v4.3, (3) NetBSD, (4) Force10 FTOS versiones anteriores a vE7.7.1.1, (5) Juniper JUNOS, y (6) Wind River VxWorks 5.x hasta v6.4 no valida los mensaje originales de Neighbor Discovery, lo cual permite a atacantes remotos provocar una denegaci\u00f3n de servicio (p\u00e9rdida de conectividad) o leer tr\u00e1fico de red privado a trav\u00e9s de mensajes falsos que modifica la Forward Information Base (FIB)."}], "lastModified": "2017-09-29T01:31:11.053", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:force10:ftos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4941A848-A02E-4234-82A3-076AABC94476"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F702C46F-CA02-4FA2-B7D6-C61C2C095679"}, {"criteria": "cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "803EFA9F-B7CB-4511-B1C1-381170CA9A23"}, {"criteria": "cpe:2.3:o:juniper:jnos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BD3413A-DD12-4C60-88F4-E2D6C1264319"}, {"criteria": "cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B55E4B92-88E0-41F0-AFA7-046A8D34A2CA"}, {"criteria": "cpe:2.3:o:openbsd:openbsd:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DF8DD37-A337-4E9D-A34E-C2D561A24285"}, {"criteria": "cpe:2.3:o:openbsd:openbsd:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F12313A0-1EAF-4652-9AB1-799171CFFEA9"}, {"criteria": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFCBBA4F-BD05-4044-98A0-2825A413D299", "versionEndIncluding": "6.4"}, {"criteria": "cpe:2.3:o:windriver:vxworks:5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F69B80D9-E6A6-4761-9EE3-3EF5E55EFA8B"}, {"criteria": "cpe:2.3:o:windriver:vxworks:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE3680A0-7B0C-4E91-97D7-B3F33EE1569A"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.", "lastModified": "2017-09-28T21:31:11.053", "organization": "Red Hat"}], "sourceIdentifier": "cret@cert.org"}